[FX.php List] Fwd: spam and php fmp sites

Joel Shapiro jsfmp at earthlink.net
Thu Oct 18 17:44:16 MDT 2007 

Thanks Dan

That looks pretty cool...  Kind of a text-based captcha, right?

I'll pass it along as another option.

-
Thanks everyone for all your suggestions!

Best,
-Joel


On Oct 18, 2007, at 1:15 PM, DC wrote:

> i've had success with this script that spells out numbers in  
> english and then you ask the person to type the number. not good  
> for a widespread commercial app, but good (and the technique is  
> obscure) for a small site.
>
> function ConvertThree ($intArgNumber, $dispAnd = false)
> {
>     $intNumber = '';
>     $strNumConv = '';
>
>     $aySmall = array('Zero', 'One', 'Two', 'Three', 'Four', 'Five',  
> 'Six', 'Seven', 'Eight', 'Nine');
>     $ayMedium = array('Zero', 'Ten', 'Twenty', 'Thirty', 'Forty',  
> 'Fifty', 'Sixty', 'Seventy', 'Eighty', 'Ninety');
>     $ayLarge = array('Ten', 'Eleven', 'Twelve', 'Thirteen',  
> 'Fourteen', 'Fifteen', 'Sixteen', 'Seventeen', 'Eighteen',  
> 'Nineteen');
>
>     if ($intArgNumber > 99) $strNumConv .= $aySmall[$intArgNumber/ 
> 100] . " Hundred";
>     if (($dispAnd == true) and ($intArgNumber > 99)) $strNumConv .=  
> " and ";
>
>     $intNumber = $intArgNumber % 100;
>     if ($intNumber > 19) {
>         if ($intArgNumber > 99) $strNumConv .= " ";
>
>         $strNumConv .= $ayMedium[$intNumber/10];
>         if ($intNumber % 10 > 0) $strNumConv .= " " . $aySmall 
> [$intNumber % 10];
>
>     } elseif ($intNumber > 9) {
>         if ($intArgNumber > 99) $strNumConv .= $ayLarge 
> [$intNumber-10];
>     } elseif ($intNumber > 0) {
>         if ($intArgNumber > 99)  $strNumConv .= " ";
>         $strNumConv .= $aySmall[$intNumber];
>     }
>     return $strNumConv;
> }
>
> dan
>
> Alex Gates had written:
>> What about this:
>> Make a hidden form field and give it a generic name that the bots  
>> will go for - "name" or "URL" or something that isn't already in  
>> use - and give it a value of "".
>> The bots look for generic names - and it won't really know if it  
>> is hidden or not...
>> Then, simply reject any submission that has a value in the hidden  
>> field.
>> Any legitimate submission from a real user won't have anything in  
>> that field, since it is a hidden field - but a bot will fill  
>> something in...
>> Alex
>> Joel Shapiro wrote:
>>> Hi all
>>>
>>> I'm forwarding something from a local colleague.  He's got a site  
>>> that's getting hit with form submissions by spammers.
>>>
>>> He works for a school district.  The site is not meant for the  
>>> general public, although it is apparently publicly available and  
>>> is not password protected.
>>>
>>> Any quick suggestions for them?
>>>
>>> (Sorry the post is so long, but I figured I might as well forward  
>>> his whole message.)
>>>
>>> Thanks,
>>> -Joel
>>>
>>>
>>> Begin forwarded message:
>>>
>>>> Subject: spam and php fmp sites
>>>>
>>>> Any suggestions on how to stop spam from being submitted on a  
>>>> PHP FileMaker
>>>> web registration solution, running on a Windows 2003 Server with  
>>>> FMAS9?
>>>>
>>>> The solution does not ask for any password.  Users can hit it  
>>>> over the web.
>>>> I am not sure how spammers found it if not from webbots....
>>>>
>>>> One of the functions of the solution is to allow users to send a  
>>>> suggestion
>>>> via email.  The user goes to a page where they fill in a  
>>>> suggestion text
>>>> field and hit a submit button which creates are record and  
>>>> generates an
>>>> email message with to a backend fmp user with the contents of  
>>>> the suggestion
>>>> field they filled out.
>>>> -------------Some spam is beig generated from this function  
>>>> where the emails
>>>> sent contain spam url's that heve been entered into the  
>>>> suggestion text
>>>> field.
>>>>
>>>> Another function of the solution is where users can register for  
>>>> a workshop.
>>>> They choose a workshop from a list and then fill in their user  
>>>> information
>>>> and then click a "register" (submit) button which creates a new  
>>>> record in
>>>> the solution.  Spam URL's are appearing in the user background  
>>>> infomration
>>>> text fields from these bogus registrations.
>>>>
>>>> I was thinking that if I required authentication from one  
>>>> account therefore
>>>> giving all users of the system the same password would prevent  
>>>> the spam.
>>>>
>>>> or
>>>>
>>>> The instead of FM authentication, make it look like there is a  
>>>> password
>>>> needed by giving out to all users a universal password which is  
>>>> actually
>>>> just a phrase they enter into a field when first entering the  
>>>> solution and
>>>> clicking on a submit button which does a search for that  
>>>> phrase...if the
>>>> phrase is not correct they are sent to an error page if it is  
>>>> found they are
>>>> taken to the registration menu.
>>>>
>>>> Any ideas on how to stop this?  Is anyone encountering similar
>>>> problems...where spammers are filing out forms and submitting  
>>>> them with SPAM
>>>> content??
>>>>
>>>> Thanks for your help!
>>>
>>> _______________________________________________
>>> FX.php_List mailing list
>>> FX.php_List at mail.iviking.org
>>> http://www.iviking.org/mailman/listinfo/fx.php_list
>>>
>> _______________________________________________
>> FX.php_List mailing list
>> FX.php_List at mail.iviking.org
>> http://www.iviking.org/mailman/listinfo/fx.php_list
> _______________________________________________
> FX.php_List mailing list
> FX.php_List at mail.iviking.org
> http://www.iviking.org/mailman/listinfo/fx.php_list

More information about the FX.php_List mailing list